package com.huawei.gamebox;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreProvider;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;

/* compiled from: AESKeyStoreKeyManager.java */
/* loaded from: classes16.dex */
public class so9 extends vo9 {
    @Override // com.huawei.gamebox.vo9
    @SuppressLint({"WrongConstant"})
    public void b(uo9 uo9Var) throws KfsException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", this.b.c());
            keyGenerator.init(new KeyGenParameterSpec.Builder(uo9Var.a, uo9Var.c.b()).setKeySize(uo9Var.b).setAttestationChallenge(this.b.b().getBytes(StandardCharsets.UTF_8)).setRandomizedEncryptionRequired(false).setBlockModes("GCM", "CBC").setEncryptionPaddings("NoPadding", "PKCS7Padding").build());
            if (keyGenerator.generateKey() != null) {
            } else {
                throw new KfsException("generate aes key failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KfsException(eq.j(e, eq.q("generate aes key failed, ")));
        }
    }

    @Override // com.huawei.gamebox.vo9
    public void h(uo9 uo9Var) throws KfsException {
        CipherAlg cipherAlg = CipherAlg.AES_GCM;
        byte[] R = jf9.R(cipherAlg.b());
        KeyStoreProvider keyStoreProvider = this.b;
        CipherAlg.c("AES");
        String str = uo9Var.a;
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreProvider.b());
            keyStore.load(null);
            Key key = keyStore.getKey(str, null);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, jf9.E(R));
            if (key == null) {
                throw new CryptoException("key | parameterSpec cannot be null");
            }
            g(new oo9(keyStoreProvider, cipherAlg, key, gCMParameterSpec, null));
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new KfsException(eq.d3(e, eq.q("keystore get key with alias failed, ")));
        }
    }

    @Override // com.huawei.gamebox.vo9
    public void i(uo9 uo9Var) throws KfsValidationException {
        int i = uo9Var.b;
        if ((i == 128 || i == 192 || i == 256) ? false : true) {
            throw new KfsValidationException("bad aes key len");
        }
        if (uo9Var.c != KfsKeyPurpose.PURPOSE_CRYPTO) {
            throw new KfsValidationException("bad purpose for aes key, only crypto is supported");
        }
    }
}
